Hi there! I’m building a proof-of-concept for hosting thousands to tens of thousands of websites fronted by Caddy. We’d be running multiple instances of Caddy behind a load balancer, and I have two questions that I couldn’t clarify in the docs (Automatic HTTPS — Caddy Documentation as well as the linked CADDY_CLUSTERING readme). If someone clarifies for me, I’d be happy to contribute documentation and even code snippets of our setup for others to use.
- Is DNS challenge required once you cluster behind a load balancer? This wouldn’t work for our setup, as we don’t have programmatic access to each of our customers’ DNS providers, and would have to lean on ACME’s HTTP-based proof mechanisms. Older docs reference the DNS challenge being required for clustering behind a load balancer, but I could imagine that servers could coordinate for HTTP-based proofs.
- Is there an example of using S3 for CADDY_CLUSTERING? The docs at GitHub - securityclippy/magicstorage: storage backends for certmagic don’t give much of a hint around configuration. As an alternative, we can opt for a shared mount via AWS’s EFS, but I figured I’d ask before diving into that.
Thanks so much for your help. With a few pointers toward a completed proof-of-concept, I’d be delighted to contribute documentation to help the next person!